Defending Against a Dangerous New World
|
|
- Scot White
- 5 years ago
- Views:
Transcription
1 Defending Against a Dangerous New World Jeff Scheidel Security Architect 1 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
2 Reference Architecture 2 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
3 Subscription-based Content Services Citizen Services Online Healthcare Business Transformation Social Retail Manufacturing Services MOST SIGNIFICANT Mobile Banking Cloud Services Social CRM Mobile Workforce IN 3 Copyright 2013, 2012, Oracle and/or its affiliates. All rights reserved.
4 Trend Mobile Device Use Identity-driven control Unified management Cross Channel Marketing 4 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
5 Trend Cloud Lifecycle Management Authentication as a service Cloud-based access portals Cloud identity store for SaaS apps User self-service Full reporting and audit 5 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
6 Trend Social Identity Leverage social and other IdPs OAuth and OpenID Simplified registration and interactions Secure experience Social trust 6 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
7 2013 : A Good Year For Hackers New Methods, Same Intentions 7 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
8 Malware 8 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
9 Denial of Service 9 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
10 Phishing 10 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
11 Phishing examples April - journalist phished, hacked AP's twitter acct phony tweet about WH explosion market plunged; $136.5B drop in the S&P 100-plus US companies phished mfg processes biz plans communications data RSA!!! Phishing scams disguised as warnings about phishing Phishing scams aimed at oil execs, military contractors, and lawyers 11 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
12 Vulnerabilities 12 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
13 Bad code OS command injection cross-site scripting unrestricted file uploads URL redirects buffer overflow parameter tampering no integrity checks XML poisoning SQL injection 13 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
14 2013 Hacking Highlights Eastern Europe: bank attacks, retail, extortion Asia: infrastructure, industrial espionage 14 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
15 2013 Hacking Highlights Facebook s and phone nbrs for 6M users exposed for UP TO A YEAR Similar flaw found after 24 hours Drive-by attack on employees Drupal open source content management Exposed names, s, other info Flaw in 3rd party software LivingSocial - ecommerce 50 million sets of usernames, pwds, s, DOB Upside? separate network with cc info, for PCI compliance 15 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
16 2013 Hacking Highlights Zendesk - customer support portal thousands of addresses and support messages users from Pinterest, Twitter, Tumblr like Zappos - oh gee, it's just addresses, right? CorporateCarOnline - limo reservation package leaked info for 850K clients Credit cards - celebs with no credit limit Notes about behaviors and routines Adobe ColdFusion vulnerability Third party hosting the data 16 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
17 2013 Hacking Highlights Evernote - mobile data storage Detected breach, reset pwds for 50M users Response? two-factor auth strong pwds, protected with hashing and salting MongoHQ - database as a platform Thousands of cloud users: s, pwds, acct info Attackers could access Amazon web svc storage accts (client db s!!!!!) Via compromised personal acct Misconfigured security appliances 17 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
18 2013 Hacking Highlights Target New York Times Govt-sponsored espionage Targeted two reporters working on a report critical of a foreign govt 18 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
19 The BIG news? Stolen creds Social engineering Funky location 19 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
20 Advanced Persistent Threat Smart people Dedicated people People with a purpose 20 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
21 Iterative attacks Monster.COM stolen ids lead to phishing ESTsoft faked creds, uploaded malware, stolen info Nortel TJX / Heartland 21 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
22 Do you appreciate the threat? Some people get it Some people don t You can t protect against it if you don t know what it is Have a risk assessment plan Pick your targets 22 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
23 How does compliance factor in? Is compliance the same as security? What s the perfect model? Where do they intersect? LEAST PRIVILEGE & VALIDATION 23 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
24 67 % Records breached from servers 76 % Breached using weak or stolen credentials Over 1.1B Served 69 % Discovered by an external party 97 % Preventable with basic controls 24
25 So what to do? Common sense policies Account sharing Configurations Least privilege Awareness Third party security Data on devices Patches / updates Common sense defenses Risk assessment Database Privileged users Apps and web services Strong authentication Intelligent authorization 25
26 Reference Architecture 26
27 Defense in Depth Database Security Protect against bad SQL Encryption and Masking Privileged User Controls Multi-Factor Authorization Activity Monitoring and Audit Secure Backup & Configuration Information Identity and Access Infrastructure Databases Applications Content User Provisioning Roles and SoD Entitlements Management Risk-Based Access Control Directory Firewalling Web Service Security Mobile and Social 27 27
28 Multi-dimensional value proposition Security as defense Security as protection of IP Security as compliance Security as a vehicle for packaging and presenting new products and services 28
29 Why are Databases so Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Network Security Enterprises are taking on risks that they may not even be aware Authentication & User Security SIEM of. Especially as more and more attacks against databases exploit legitimate access. Security Database Security Endpoint Security Web Application Firewall 30
30 Database Security Approaches Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 31
31 Database Security Approaches Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 32
32 Encryption is the Foundation Preventive Control for Oracle Databases Protect data from file system intrusions Transparent data encryption Prevents access to data at rest Requires no application changes Built-in two-tier key management Near Zero overhead with hardware Integrations with Oracle technologies e.g. Exadata, Advanced Compression, ASM, Golden Gate, DataPump, etc. Applications Disk Backups Exports Off-Site Facilities 33
33 Redaction of Sensitive Data Displayed Least privilege at a field level Customer service and other need to know Real-time sensitive data redaction based on database session context Library of redaction policies and pointand-click policy definition Consistent enforcement, policies applied to data Transparent to applications, users, and operational activities Credit Card Numbers Redaction Policy xxxx-xxxx-xxxx Call Center Application Billing Department 34
34 Masking Data for Non-Production Use Preventive Control for Oracle Databases Data Masking Replace sensitive application data Referential integrity detected/preserved Extensible template library and formats Application templates available For PCI, masking or compensating control LAST_NAME SSN SALARY AGUILAR ,000 BENSON ,000 Production Test Dev Non-Production LAST_NAME SSN SALARY ANSKEKSL ,000 BKJHHEIEDK ,000 Production 35
35 Privileged User Controls Preventive Control for Oracle Databases Segregation of Duties for DBMS Limit DBA access to application data Multi-factor SQL command rules Realms create protective zones Enforce enterprise data governance, least privilege, segregation of duties Out of the box application policies Applications Procurement HR Finance Security DBA select * from finance.customers Application DBA DBA 36
36 Privileged User Management / Enablement Databases, operating systems, critical apps Centrally managed passwords Check-in, check-out Automatic password change / expiration 37
37 Database Security Approaches Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 38
38 Stopping the ultimate attacks on the DB SQL Injection Protection with Positive Security Model SELECT * from stock where catalog-no='phe8131' White List Allow Applications SELECT * from stock where catalog-no= ' union select cardno,0,0 from Orders -- Block Databases Allowed behavior can be defined for any user or application Automated white list generation for any application Out-of-policy database transaction detected and blocked/alerted 39
39 Stopping the ultimate attacks on the DB Enforcing Database Activity with Negative Security Model SELECT * FROM v$session Black List DBA activity from Application? DBA activity from Approved Workstation SELECT * FROM v$session Block Allow + Log Stop specific unwanted SQL interactions, user or schema access Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name etc Provide flexibility to authorized users while still monitoring activity 40
40 Oracle Audit Vault and Database Firewall Solution for Oracle and Non-Oracle Databases Users Applications Database Firewall Allow Log Alert Substitute Block Firewall Events SOC Alerts! Auditor Built-in Reports Audit Data Security Analyst Custom Reports Policies Audit Vault OS, Directory, File System & Custom Audit Logs 41
41 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 42
42 Identify the bodies, give them rights, then keep checking Identity Governance Access Management Lifecycle Management & 360 visibility Regular & Privileged identities Complete access control & SSO Fraud Detection Converged Policy Administration & Control Directory Services LDAP, Virtualization Fraud & Meta-directory Detection Unified Administration & Management 43
43 Identity, Access, Source Integration, openness Governance Access Directory Password Management Request & Approval Roles based User Provisioning Analytics, Policy Monitoring Risk-based Certification Single Sign-On & Federation Web Services Security Authentication & Fraud Prevention Authorization & Entitlements LDAP Storage Virtualized Identity Access LDAP Synchronization Platform Identity Services for Developers 44
44 Enable, Disable, Change Mgmt Identity Management Assign Cell Phone Subscribers Self Registration Approval Manual Task Provisioned User Identity Store Role Access Policy & Compliance Checks Automated Workflow Connector New/Updated Subscriber New/Updated Staff Subscriber System HR Reconciliation Engine In case of Updates { Revoked unnecessary User Access 45
45 Keep everybody in the box Closed-Loop Functional Architecture Data Cleanup & Controls Reconcile Identity Administration Continuous Compliance & Certification Provisioning Policy Administration Provisioning Orchestration 46
46 Oracle Directory Services Plus Virtual Directory Internet Directory Directory Server Enterprise Edition Unified Directory Aggregate without synchronization Re-use existing native identity stores LDAP standards compliant Enterprise grade directory services Directory sync & consolidation AuthN Service for Operating Systems Centralized Auth & Password Policy for all Unix OS flavors (Add-on to OID) Central, High Scalable Directory Store LDAP Authentication for disparate environment Seamless, non intrusive synchronization (of users, passwords, groups) with AD LDAP Authentication for disparate environment Directory Virtualization Capability Highly Extendible Highest Performance for up to few millions entries 47 (*) OpenDS inheritance
47 Risk-Aware Security & Access Control Secure Login Adaptive, Continuous Risk Calc Model Risk Events Detect Anomalies Challenge or Block Analysis and Forensics User Profile Device Fingerprint IP area / Geo-location Pattern / anomaly detection Auto-learning OTP Challenge questions Block Alert Forensics 48
48 Entitlements Vision Security within Applications Authentication IDM Admin U.I. OTP (SMS, IM, ) SMS/ IM/ / Server Authorizations Risk Manager Federation Web Application Other Web App etc Entitlements Federation IdP / SdP Directory Services Full Access Services Framework Extendible to Entitlements within Java /.NET Applications 49
49 Security for REST and Mobile Devices Mobile Browser Clients OIC Client Mobile Web Service Clients HTTP / REST / SOAP / OAUTH Access Manager Mobile & Social Identity Manager Adaptive Access Mgr OWSM OWSM Service Bus OWSM Web Services Corporate DMZ Uniform & consistent security across clients Mobile Single Sign-On & Multifactor Authn User & Device Registration, Password Management Authorization and routing Data Redaction & Enrichment Corporate Network Threat detection SSL and Certificate based authentication Rate limiting (Throttling) and Metering Protocol transformation ID Context Propagation Legacy Services 50
50 Mobile Device Security Securing containerized apps / Corporate DMZ Corporate Network Containerized Apps Webgate / OHS OAM Protected Resources Oracle Access Manager With Mobile & Social Oracle Adaptive Access AppTunnel Active Directory OUD Oracle Mobile Access Server Oracle Mobile Security Admin Console SOAP/REST and Legacy Web Services 51
51 Numbers to remember Oracle s security practice $1 Billion 600 team members 34 countries 30,000 customers 52
52 53 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
The 10 Principles of Security in Modern Cloud Applications
The 10 Principles of Security in Modern Cloud Applications Nigel King, Vice President, Oracle In-Depth Seminars D11 1 Safe Harbor Statement The following is intended to outline our general product direction.
More informationwith Oracle IDM Peter Heintzen, Sen. Mgr. Information Security Oracle
Data Privacy Enhanced Database Security with Oracle IDM Peter Heintzen, Sen. Mgr. Information Security Oracle Security Levels for SLAs Preventive Controls Detective Controls Corrective
More information<Insert Picture Here> Oracle Database Security
Oracle Database Security Ursula Koski Senior Principal Architect ursula.koski@oracle.com Ursula Koski Senior Principal Architect Senior Principal Architect Oracle User Group Liaison
More informationPrivate Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy
Private Clouds: Opportunity to Improve Data Security and Lower Costs InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy Private Clouds: Opportunity to Improve Data Security and
More informationDatabase Centric Information Security. Speaker Name / Title
Database Centric Information Security Speaker Name / Title The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationRelated Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)
PRESENTED BY: Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) One of the main problems that customers face with the adoption of SaaS and cloud-based apps is how to deliver the
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products
CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Securing Privileged Accounts with an Integrated IDM Solution Olaf.Stullich@oracle.com Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team Buddhika Kottahachchi OPAM Architect
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationSECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS
WHITE PAPER SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise Executive Summary When operating in Amazon Web Services
More informationPasswords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist
Passwords Are Dead Long Live Multi-Factor Authentication Chris Webber, Security Strategist Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Threat Landscape Breach accomplished Initial attack
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationNews and Updates June 1, 2017
Microsoft Azure News and Updates June 1, 2017 Azure Backup for Windows Server System State Modern Backup Storage with Azure Backup Server v2 vcenter/esxi 6.5 support for Azure Backup Server Larger Disk
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationNext Generation Authentication
Next Generation Authentication Bring Your Own security impact Dominique Dessy Sr. Technology Consultant 1 2012 DIGITAL UNIVERSE 1.8 ZETTABYTES 1,800,000,000,000,000,000,000 2 $ 3 4 Threat Landscape 60%
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationOracle Identity and Access Management
Oracle Identity and Access Management AGENDA Overview Features Components Customizations APIs Oracle Identity Manager Connectors High Availability Concepts High Availability Architecture OVERVIEW Identity
More informationMobile Device Management
Mobile Device Management David Roundtree, CISSP Identity & Security Public Sector State & Local Date: April 23, 2013 1 This document is for informational purposes. It is not a commitment to deliver any
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationHow-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018
How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationCybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationThe Realities of Data Security and Compliance: Compliance Security
The Realities of Data Security and Compliance: Compliance Security Ulf Mattsson, CTO, Protegrity Ulf.mattsson @ protegrity.com Bio - A Passion for Sailing and International Travel 2 Ulf Mattsson 20 years
More informationCentrify Identity Services for AWS
F R E Q U E N T L Y A S K E D Q U E S T I O N S Centrify Identity Services for AWS Service Description and Capabilities What is included with Centrify Identity Services for AWS? Centrify Identity Services
More informationGuide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1
Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware
More informationIntroduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike
Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More informationThe Common Access Card The problems it solves (and the ones it doesn t) Quest Software/One Identity Dan Conrad Federal CTO
The Common Access Card The problems it solves (and the ones it doesn t) Quest Software/One Identity Dan Conrad Federal CTO 1 Disclaimer The views expressed in this presentation are those of the author(s)
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationProtect Yourself Against VPN-Based Attacks: Five Do s and Don ts
White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for
More informationCyberArk Solutions for Secured Remote Interactive Access. Addressing NERC Remote Access Guidance Industry Advisory
CyberArk Solutions for Secured Remote Interactive Access Addressing NERC Remote Access Guidance Industry Advisory Table of Contents The Challenges of Securing Remote Access 3 Using CyberArk s Privileged
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationManaging Your Privileged Identities: The Choke Point of Advanced Attacks
Managing Your Privileged Identities: The Choke Point of Advanced Attacks Shirief Nosseir EMEA Alliances Director Identity & API Management Tuesday, 16 May 2017 Agenda Why Privileged Access Management Why
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationRSA. The security division of EMC. Visibilidad total en el entorno de seguridad. Javier Galvan Systems Engineer Mexico & NOLA
RSA The security division of EMC Visibilidad total en el entorno de seguridad Javier Galvan Systems Engineer Mexico & NOLA 1 When we talk about threats we MUST talk about Indicator Of Compromise 2 Indicator
More informationSecurity Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication
Technical Whitepaper Security Overview As a team, we have a long history of developing and delivering HR software solutions to customers worldwide, including many of the world s most-demanding organisations.
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationMcAfee Database Security
McAfee Database Security Sagena Security Day 6 September 2012 September 20, 2012 Franz Hüll Senior Security Consultant Agenda Overview database security DB security from McAfee (Sentrigo) VMD McAfee Vulnerability
More informationManaging the Risk of Privileged Accounts and Passwords
Managing the Risk of Privileged Accounts and Passwords Definition: Privileged Account Privileged Management Obviously accounts with special or elevated permissions Windows Every workstation and server
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationFencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1
Fencing the Cloud with Identity Roger Casals Senior Director Product Management Shared vision for the Identity: Fencing the Cloud 1 Disclaimer Copyright 2014 Symantec Corporation. All rights reserved.
More informationThe erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.
www.pwc.com.au The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence. What are all the things that make up IAM? 2 The identity scope is getting bigger and bigger.
More informationService Description VMware Workspace ONE
VMware Workspace ONE Last Updated: 05 April 2018 The product described in this Service Description is protected by U.S. and international copyright and intellectual property laws. The product described
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSecurity Specifications
Security Specifications Overview Password Manager Pro deals with administrative passwords that offer secure access to enterprise credentials and devices. Any compromise on the security of these passwords
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationIdentity-Powered Security
Identity-Powered Security Innovation created a very complex environment. z / OS PL / I Public Cloud Private Cloud Internet of Things (IoT) COBOL CICS IMS Cloud How is leveraging cloud impacting risk and
More informationOracle Audit Vault. Trust-but-Verify for Enterprise Databases. Tammy Bednar Sr. Principal Product Manager Oracle Database Security
Oracle Audit Vault Trust-but-Verify for Enterprise Databases Tammy Bednar Sr. Principal Product Manager Oracle Database Security Agenda Business Drivers Audit Vault Overview Audit
More informationGDPR How we can help. Solvit Networks CA. ALL RIGHTS RESERVED.
GDPR How we can help Solvit Networks 01.11.2017 2016 CA. ALL RIGHTS RESERVED. GDPR The facts The General Data Protection Regulation (GDPR) applies to all companies trading in the EU and processing personal
More informationTRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald
TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE John McDonald 1 What is Trust? Can I trust that my assets will be available when I need them? Availability Critical Assets Security Can I trust
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationBuilding an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO
Building an Effective Threat Intelligence Capability Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO The Race To Digitize Automotive Telematics In-vehicle entertainment
More informationOracle Audit Vault Implementation
Oracle Audit Vault Implementation For SHIPPING FIRM Case Study Client Company Profile It has been involved in banking for over 300 years. It operates in over 50 countries with more than 1, 47,000 employees.
More informationSponsored by Oracle. SANS Institute Product Review: Oracle Audit Vault. March A SANS Whitepaper. Written by: Tanya Baccam
Sponsored by Oracle SANS Institute Product Review: Oracle Audit Vault March 2012 A SANS Whitepaper Written by: Tanya Baccam Product Review: Oracle Audit Vault Page 2 Auditing Page 2 Reporting Page 4 Alerting
More informationOracle Database 11g: Security Release 2
Oracle University Contact Us: + 38516306373 Oracle Database 11g: Security Release 2 Duration: 5 Days What you will learn In this course, students learn how they can use Oracle Database features to meet
More informationNIST Revision 2: Guide to Industrial Control Systems (ICS) Security
NIST 800-82 Revision 2: Guide to Industrial Control Systems (ICS) Security How CyberArk can help meet the unique security requirements of Industrial Control Systems Table of Contents Executive Summary
More informationAn Oracle White Paper June Oracle Audit Vault and Database Firewall
An Oracle White Paper June 2013 Oracle Audit Vault and Database Firewall Introduction... 2 Oracle Audit Vault and Database Firewall Overview... 3 Auditing and Monitoring Overview... 3 Audit Vault... 4
More informationSecurity Diagnostics for IAM
Security Diagnostics for IAM Strategies and Approaches Rebecca Harvey Brian Dudek 10/29/2018 Core Competencies Our areas of expertise Cloud Data Mobility Security Enable business innovation and transition
More informationAktueller Überblick über das RSA Portfolio
Aktueller Überblick über das RSA Portfolio Intelligence-Driven Security RSA Security Summit, München 2014 Norbert Olbrich, Pre-sales Manager, RSA Deutschland 1 Agenda 1. Understand the elements 2. Pack
More informationDon t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel
Don t blink or how to create secure software Bozhidar Bozhanov, CEO @ LogSentinel About me Senior software engineer and architect Founder & CEO @ LogSentinel Former IT and e-gov advisor to the deputy prime
More informationCipherCloud CASB+ Connector for ServiceNow
ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationEn partenariat avec CA Technologies. Genève, Hôtel Warwick,
SIGS Afterwork Event in Geneva API Security as Part of Digital Transformation Projects The role of API security in digital transformation Nagib Aouini, Head of Cyber Security Services Defense & Cyber Security
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Active Directory Domain Services On-premises App Server Validate credentials
More informationExecutive Summary Spear 150 Spear Street, Street, Suite 1400, San Francisco, CA CA
Executive Summary As a collaboration suite, Google Apps contains some of the most sensitive business data of any IT system. Everything from emails, contracts, product designs, customer lists and more can
More informationIdentity Management as a Service
Identity Management as a Service The Challenge Today s technological landscape is one of permanent change. While connections to digital services and mobile devices grow, securing the data generated by
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationOracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero
Oracle Security Products and Their Relationship to EBS Presented By: Christopher Carriero 1 Agenda Confidential Data in Corporate Systems Sensitive Data in the Oracle EBS What Are the Oracle Security Products
More informationIT Service Delivery and Support Week Three. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao
IT Service Delivery and Support Week Three IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Infrastructure Essentials Computer Hardware Operating Systems (OS) & System Software Applications
More information